FATF Blacklist 2025: How Iran, North Korea, and Myanmar Are Shaping Crypto Bans

FATF Blacklist 2025: How Iran, North Korea, and Myanmar Are Shaping Crypto Bans Jan, 25 2025

FATF Blacklist 2025: Crypto Compliance Checker

Important: This tool demonstrates how the FATF blacklist impacts crypto compliance for Iran, North Korea, and Myanmar as of 2025.

Iran

Full counter-measures since 2020. All VASPs must conduct enhanced due-diligence; most exchanges block Iranian IPs and wallet addresses.

High Risk

North Korea

Full counter-measures with aggressive enforcement. Any crypto address linked to hacking groups is automatically frozen.

Highest Risk

Myanmar

Enhanced due-diligence (no full counter-measures). VASPs must verify ultimate beneficial owners; some crypto activity still allowed.

Medium Risk
Crypto Restrictions Overview

Exchanges must:

  • Refuse onboarding customers from these countries
  • Freeze or report transactions involving sanctioned addresses
  • Run extra monitoring on cross-border crypto payments

Non-compliance risks:

  • Hefty fines
  • Loss of banking relationships
  • Criminal prosecution for compliance officers
Key Statistics (2024)

Total illicit crypto flows from blacklisted countries: $15.8 billion

Percentage of all illicit crypto activity: ~40%

Notable incidents:

  • Iran: $2.3 billion Bitcoin outflows in 2024
  • North Korea: $1.5 billion ByBit hack (Feb 2025)
  • Myanmar: $150 million funneled by military-linked broker

Enforcement Actions

US Agencies (2024):

  • OFAC: 13 designations targeting crypto addresses
  • FinCEN: Proposed rule to regulate Huione mixer

International Efforts:

  • Netherlands Central Bank updates capital buffers
  • FATF maintains current blacklist status
Compliance Tips for Crypto Firms

Best practices for staying compliant:

  1. Implement real-time sanctions screening
  2. Conduct enhanced due-diligence for high-risk jurisdictions
  3. Train staff regularly on sanctions updates
  4. Partner with analytics providers for transaction monitoring
  5. Audit your program annually against FATF Recommendations

Since June132025 the FATF blacklist has listed Iran, North Korea, and Myanmar as the three highest‑risk jurisdictions for money‑laundering, terrorism financing, and weapons‑proliferation threats. For anyone watching crypto markets, that list matters because it drives the toughest anti‑money‑laundering (AML) rules, forces exchanges to block users from those countries, and fuels a wave of enforcement actions aimed at the digital‑asset ecosystem.

Why the FATF Blacklist Matters for Crypto

Crypto assets are borderless, pseudonymous, and can be moved with a single click. Those features make them attractive for ordinary people seeking financial freedom, but they also give sanctioned actors a way to dodge traditional banking controls. The FATF is the inter‑governmental body that sets global AML/CFT standards therefore treats jurisdictions on its blacklist as "high‑risk" and tells every member country to apply extra safeguards, ranging from full counter‑measures to enhanced due‑diligence.

In practice, that means crypto exchanges must:

  • Refuse onboarding customers who are national or residents of Iran, North Korea, or Myanmar.
  • Freeze or report any transaction involving crypto addresses linked to sanctioned entities.
  • Run extra monitoring on cross‑border crypto payments that could be hiding illicit proceeds.

Failure to comply can result in hefty fines, loss of banking relationships, or even criminal prosecution for senior compliance officers.

Country Snapshots: Crypto Enforcement in Iran, North Korea, and Myanmar

Key crypto‑related enforcement measures for the three FATF‑blacklisted nations (2025)
CountryPrimary FATF ActionTypical Crypto RestrictionsNotable Recent Incident
IranFull counter‑measures since2020All VASPs must conduct enhanced due‑diligence; most exchanges block Iranian IPs and wallet addresses.Rapid surge in Bitcoin outflows in 2024, estimated $2.3billion moved abroad.
North KoreaFull counter‑measures, aggressive sanctions enforcementAny crypto address linked to the regime’s hacking groups is automatically frozen by major platforms.ByBit hack - $1.5billion stolen in February2025, attributed to Lazarus Group.
MyanmarEnhanced due‑diligence (no full counter‑measures)VASPs must verify ultimate beneficial owners; many still allow limited crypto activity.Military‑linked broker funnelled $150million in crypto to overseas wallets in 2024.
Cartoon hacker and Iranian user sending crypto amidst swirling mixer clouds and a locked bank backdrop.

How Criminal Actors Exploit Crypto in Blacklisted Jurisdictions

The data from Chainalysis a blockchain analytics firm tracking illicit flows shows that sanctioned jurisdictions moved $15.8billion in crypto during 2024 - nearly 40% of all illicit crypto activity worldwide. Two patterns dominate:

  1. State‑sponsored hacking. North Korea’s Lazarus Group runs sophisticated ransomware‑as‑a‑service operations, stealing billions from exchanges, gaming platforms, and DeFi protocols.
  2. Capital flight. Iranian citizens, cut off from the global banking system, turn to Bitcoin and stablecoins to preserve wealth and send money abroad.

Both trends rely on anonymity‑enhancing tools - mixers, privacy‑coins, and offshore wallets - that make it harder for law‑enforcement to trace the final beneficiary.

Global Enforcement Response: From OFAC to FinCEN

The United States has taken the lead in extending sanctions into the crypto realm. In 2024 the Office of Foreign Assets Control (OFAC) issued 13 designations that included specific crypto addresses - the second‑highest total in the past seven years. Those designations target the Islamic Revolutionary Guard Corps (IRGC), North Korean hacking groups, and Myanmar military‑linked entities.

FinCEN, the U.S. financial‑intelligence unit, has complemented OFAC’s actions with a proposed rule that would place the Huione Group (a known mixer) on the primary money‑laundering concerns list. The rule also calls for tighter reporting thresholds for large crypto‑transactions involving high‑risk jurisdictions.

Internationally, the Netherlands Central Bank continues to update its counter‑cyclical capital buffer requirements for banks with exposure to the three blacklist countries, while the FATF itself keeps the list static, signalling that compliance gaps remain stark.

Compliance Challenges for Crypto Businesses

Even though the FATF’s guidance is clear, implementing it is messy. As of April2024, three‑quarters of FATF member states were either non‑compliant or only partially compliant with virtual‑asset regulations. This patchwork creates loopholes that criminals exploit:

  • Many jurisdictions lack a legal definition of “virtual asset service provider” (VASP), leaving exchanges unsure about registration requirements.
  • Cross‑border data‑sharing agreements are still being negotiated, so a suspicious wallet flagged in Europe may not surface in the U.S. until weeks later.
  • Small‑to‑medium exchanges often cannot afford the sophisticated screening tools used by large platforms, making them vulnerable to accidental onboarding of sanctioned users.

For compliance officers, the practical rule of thumb is to treat any transaction involving an address that appears on a sanctions list - even a single token transfer - as high‑risk and to trigger a full investigation.

Cartoon regulators handing checklists to a nervous crypto exchange robot in a compliance hallway.

What the Future Holds for Crypto Regulation Around the Blacklist

Looking ahead, the FATF is likely to tighten its virtual‑asset standards. Its June132025 update added the British Virgin Islands and Bolivia to the “under increased monitoring” tier, showing a willingness to broaden scrutiny. However, the core trio - Iran, North Korea, Myanmar - stayed on the blacklist, meaning no relaxation in counter‑measures is expected.

Two developments could shift the landscape:

  1. Technical solutions. Enhanced on‑chain analytics and AI‑driven risk scoring may give regulators the visibility they need to enforce sanctions without choking legitimate users.
  2. Geopolitical negotiations. If diplomatic breakthroughs lead to partial sanctions relief for Iran or Myanmar, the FATF could downgrade their status, which would cascade into lighter crypto restrictions.

Until either scenario materializes, crypto firms should assume a high‑risk environment and embed robust screening, transaction monitoring, and staff training into their daily operations.

Key Takeaways

  • The FATF blacklist remains fixed on Iran, North Korea, and Myanmar as of October2025.
  • Crypto assets are a primary channel for these regimes to evade sanctions, with $15.8billion flowing through illicit wallets in 2024.
  • U.S. agencies (OFAC, FinCEN) are extending traditional sanctions into the crypto space, targeting addresses, mixers, and VASPs.
  • Global compliance is uneven; most countries still lag on virtual‑asset AML rules, creating exploitable gaps.
  • Firms that invest in advanced analytics, staff training, and proactive monitoring will survive the tightening regulatory tide.

Frequently Asked Questions

What does it mean when a country is on the FATF blacklist?

Being on the blacklist signals that the country poses a high risk for money‑laundering, terrorism financing, or weapons proliferation. FATF member states must apply specific counter‑measures-often full sanctions-when dealing with financial institutions or crypto services linked to that jurisdiction.

How are crypto exchanges forced to block users from Iran, North Korea, and Myanmar?

Most exchanges implement geolocation checks, IP‑blocking, and wallet‑address screening against sanctions lists published by OFAC and the EU. They also require robust KYC documentation that reveals the user’s nationality and residency. If any indicator ties a user to a blacklisted country, the account is frozen or denied.

Why is North Korea considered the biggest crypto threat?

North Korea runs state‑sponsored hacking groups like Lazarus that specialize in ransomware, phishing, and exchange theft. Their operations have generated billions in crypto, most famously the $1.5billion ByBit hack in 2025. The regime uses the proceeds to fund its nuclear program, making it a top priority for sanctions agencies.

What role does Chainalysis play in tracking sanctioned crypto flows?

Chainalysis provides blockchain‑analytics tools that label wallets, trace transaction paths, and estimate the value of illicit flows. Their 2024 report showed that sanctioned jurisdictions accounted for $15.8billion of illicit crypto, a metric regulators use to prioritize enforcement actions.

How can crypto businesses stay compliant with the evolving FATF standards?

Implement a risk‑based AML program that includes: (1) real‑time sanctions screening of wallets and addresses, (2) enhanced due‑diligence for high‑risk jurisdictions, (3) regular staff training on sanctions updates, and (4) partnership with analytics providers for on‑chain transaction monitoring. Auditing the program annually against the latest FATF Recommendations is also essential.

Tags:

11 Comments

  • Image placeholder

    Dick Lane

    October 11, 2025 AT 03:02
    I get why they're on the list but it's wild how much crypto is just becoming the new underground banking system. People in Iran aren't trying to fund terrorists, they're trying to feed their families.

    Real talk: if your bank won't let you send money home, what else are you supposed to do?
  • Image placeholder

    Norman Woo

    October 11, 2025 AT 08:43
    fATF is just a tool for the deep state to control money. they dont care about terrorisim they care about control. every time someone uses btc to bypass sanctions its a win for freedom. the real criminals are the ones writing the rules.
  • Image placeholder

    Serena Dean

    October 12, 2025 AT 00:57
    Honestly this post is so well put together! I work in compliance and seeing someone break down the real impact like this makes my job feel less like paperwork and more like protecting people.

    Small exchanges are drowning though - they need more support, not just fines.
  • Image placeholder

    James Young

    October 12, 2025 AT 13:21
    You people are naive. This isn't about 'financial freedom' - it's about sanctioned regimes stealing billions and laundering it through decentralized systems because they know the West is too soft to shut it down. The fact that you're defending this shows how out of touch you are.

    North Korea stole $1.5B from ByBit. That's not activism. That's war. And you're acting like it's a protest.
  • Image placeholder

    Chloe Jobson

    October 13, 2025 AT 09:19
    VASP compliance gaps are the real vulnerability. Without harmonized global AML frameworks, you're just playing whack-a-mole with blockchain addresses.

    Need cross-border data-sharing protocols, stat.
  • Image placeholder

    Andrew Morgan

    October 13, 2025 AT 17:07
    Man I just watched a video of a grandma in Tehran using USDT to pay for her grandson’s medicine while her local bank froze her account... and now you want to block her?

    This whole system feels like punishing the sick because the doctor is corrupt. I’m not saying the regime’s clean but the people? They’re just trying to survive.
  • Image placeholder

    madhu belavadi

    October 14, 2025 AT 15:05
    lol why do you even care about this? crypto is dead anyway. why are you wasting your time reading this?
  • Image placeholder

    Michael Folorunsho

    October 15, 2025 AT 07:14
    Let’s be clear: if you’re from one of these countries and using crypto, you’re either a criminal or an enabler. The U.S. built the global financial system - if you don’t like our rules, move to a dictatorship that doesn’t care about human rights.

    Stop romanticizing sanctions evasion. It’s not rebellion, it’s recklessness.
  • Image placeholder

    Roxanne Maxwell

    October 16, 2025 AT 03:25
    I just want to say thank you for writing this. My cousin in Myanmar uses crypto to send money to her family in Thailand. She’s not a criminal - she’s a daughter trying to help.

    Maybe the rules need to be stricter for the regime, not the people.
  • Image placeholder

    Jonathan Tanguay

    October 16, 2025 AT 23:09
    You guys are missing the bigger picture - the FATF blacklist is just the tip of the iceberg. The real issue is that 78% of VASPs globally still don’t use blockchain analytics tools properly, and most of them rely on outdated OFAC lists that haven’t been updated since 2022.

    And don’t even get me started on how mixers like Huione are still operating under shell companies in the Caribbean with zero KYC - that’s not a loophole, that’s a national security threat.

    Also, the Chainalysis report is flawed because it doesn’t account for the fact that 40% of Iranian stablecoin transactions are actually legitimate remittances disguised as crypto transfers because the central bank has blocked SWIFT.

    And don’t even mention Myanmar’s military-linked brokers - they’re using Telegram bots to auto-route crypto through Binance P2P, which means the real enforcement failure is in the lack of API-level monitoring by regulators.

    And nobody’s talking about how the Dutch Central Bank’s capital buffer requirements are actually incentivizing banks to exit crypto entirely, which pushes users toward even less regulated platforms - so you’re creating a feedback loop of risk.

    And the fact that Bolivia got added to increased monitoring but not the blacklist? That’s pure geopolitical bias. They’re not even a top 50 crypto user country.

    Bottom line: regulation without tech infrastructure is just theater. And until we fix the root cause - fragmented global standards - we’re just rearranging deck chairs on the Titanic.
  • Image placeholder

    Ayanda Ndoni

    October 17, 2025 AT 06:10
    Why are we even doing this? Just let people use crypto. Who cares if some guy in Pyongyang steals money? It’s not like it’s gonna affect my portfolio.

Write a comment